Guest
Legal requirements for ISO 22301
I have recently taken the role of a BCM Coordinator. According to the ISO 22301 clause 4.2.2, an org needs to document the legal and regulatory requirements of the org. Please can you let me know what documents can be considered as evidence of this? Or what details are relevant from the legal aspect if I have to include them in the BC Strategy document itself? Any help on this or a sample document etc. will greatly help me please.
Expert
Rhand Leal
Jun 20, 2019
Answer:
Examples of legal and regulatory requirements for ISO 22301 are:
- Service agreements with customers or suppliers
- NFA Compliance Rule 2-38: Business Continuity and Disaster Recovery Plan (CFTC – Commodity Futures Trading Commission) (regulation)
- IDA By-Law 17.19 – Business Continuity Plan Requirement (OSC (Ontario Securities Commission))
Regarding details to be considered, you have to identify items like: requirements for the recovery time to be achieved (e.g., minimal business activities must return after no more than 3 hours after a disruption), technologies or infrastructure to be used, etc.
To see what a list of requirements looks like, I suggest you take a look at the free demo of this List of Legal, Regulatory, Contractual and Other Requirements at this link: https://advisera.com/27001academy/documentation/list-of-legal-regulatory-contractual-and-other-requirements/
These articles will provide you with further explanation about identification of legal requirements:
- How to identify ISMS requirements of interested parties in ISO 27001 https://advisera.com/27001academy/blog/2017/02/06/how-to-identify-isms-requirements-of-interested-parties-in-iso-27001/ (although this article is about ISO 27001, the concept also applies to ISO 22301)
- Laws and regulations on information security and business continuity https://advisera.com/27001academy/knowledgebase/laws-regulations-information-security-business-continuity/