Expert Advice Community

Risk Management and BCM

Guest user Created:   Mar 13, 2019 Last commented:   Mar 13, 2019

Do you have an example of any organization structure for BCM? What is the role of the Risk Management team during a catastrophe event? Is it just a part of the crisis management team, and also monitoring the implementation of the BCP, coordinating with the Emergency Response and Damage Assessment teams, or anything else?

Expert
Rhand Leal Mar 13, 2019

Answer:

There is no definitive organizational structure for a BCM, so here are some examples:
- For micro and small businesses, the BCM may consist of only one person, accumulating this role with other business functions.
- For mid-size businesses, the BCM may consist of a person dedicated to this function plus a small team for operational activities.
- For large businesses, the BCM may consist of a business manager or coordinator with teams dedicated to specific business processes (e.g., IT, physical infrastructure, logistics, etc.)
The common point is that all these structures are subordinated to Top Management, either to the CEO himself or to a Senior Manager.

Regarding the role of the Risk Management team on BCM, this team works to identify and prioritize the most relevant risks that can lead to business disruption and works with related interested parties to identify, implement and periodically evaluate the effectiveness of controls and continuity plans. Their role is more on prevention, performance evaluation and continual improvement than on handling the disruptive event when it happens.

These articles will provide you further explanation about BCM roles:
- The challenging role of the ISO 22301 BCM Manager https://advisera.com/27001academy/blog/2016/03/21/the-challenging-role-of-the-iso-22301-bcm-manager/
- Beyond the BCM Manager: Additional roles to consider during the disruptive incident https://advisera.com/27001academy/blog/2016/12/05/beyond-the-bcm-manager-additional-roles-to-consider-during-the-disruptive-incident/

These articles, although related to ISO 27001, the standard for Information Security Management, use concepts that can also be applied to BCM:
- Chief Information Security Officer (CISO) – where does he belong in an org chart? https://advisera.com/27001academy/blog/2012/09/11/chief-information-security-officer-ciso-where-does-he-belong-in-an-org-chart/
- Where does information security fit into a company? https://advisera.com/27001academy/blog/2016/10/24/where-does-information-security-fit-into-a-company/

This material also can provide you further information:
- Book Becoming Resilient: The Definitive Guide to ISO 22301 Implementation https://advisera.com/books/becoming-resilient-the-definitive-guide-to-iso-22301-implementation/
