Expert Advice Community


Planning information security continuity

Guest user Created:   Feb 05, 2019 Last commented:   Feb 05, 2019


I have a question about control A.17.1.1 (inside the Statement of Applicability). The implementation method talks about a methodology of business impact analysis (GAA). Is there a template anywhere or do we have to make this on our own?

Expert
Rhand Leal Feb 05, 2019

Answer:

We're sorry about this confusion - reference to Business Impact Analysis (BIA) in the Statement of Applicability is needed only for companies that want to be compliant with ISO 22301 together with ISO 27001. If you are going for ISO 27001 only, we do not recommend that you do the BIA because it will complicate the whole process - instead, for the control A.17.1.1 we recommend that you refer to Procedure for Identification of Requirements and List of legal, regulatory and other requirements.

If you decide to go for Business Impact Analysis, you can find the template here: https://advisera.com/27001academy/documentation/business-impact-analysis-questionnaire/
