Planning information security continuity
Answer:
We're sorry about this confusion - reference to Business Impact Analysis (BIA) in the Statement of Applicability is needed only for companies that want to be compliant with ISO 22301 together with ISO 27001. If you are going for ISO 27001 only, we do not recommend that you do the BIA because it will complicate the whole process - instead, for the control A.17.1.1 we recommend that you refer to Procedure for Identification of Requirements and List of legal, regulatory and other requirements.
If you decide to go for Business Impact Analysis, you can find the template here: https://advisera.com/27001academy/documentation/business-impact-analysis-questionnaire/
Feb 05, 2019