Guest user Created: Apr 03, 2019 Last commented: Apr 03, 2019

Risk assessment for ISO 22301

I am designing a complete end to end BCM project aligned with ISO 22301. I am just confused now regarding risk assessment ... I do not know hot to start it because there is a dedicated function is responsible for risk management and they have done their risk assessment and they have risk register now ..... as a business continuity manager do I have to conduct a different risk assessment ?And what does it include?

0 0

Assign topic to the user

Select user

Expert

Rhand Leal Apr 03, 2019

Answer:

Risk assessment for BCM must identify risks that can cause disruption of business operations and services, so together with Business Impact analysis you can more easily identify which risks to business you have to handle.

Considering you already have a function responsible for risk management and risk data, you should verify if the existing Risk Register can help you.

If at this moment the Risk Register can not help you, then you should talk to the responsible for risk management about ISO 22301 requirements and ask him for support to perform a risk assessment for the BCM. Since ISO 22301 does not prescribe any appro ach to perform risk management, you can adopt the current approach without compromising ISO 22301 requirements.
This article will provide you further explanation about risk management for business continuity:
- Risk assessment vs. business impact analysis https://advisera.com/27001academy/knowledgebase/risk-assessment-vs-business-impact-analysis/

This material will also help you regarding risk management for business continuity:
- Book Becoming Resilient: The Definitive Guide to ISO 22301 Implementation https://advisera.com/books/becoming-resilient-the-definitive-guide-to-iso-22301-implementation/

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Apr 03, 2019

Expert Advice Community