Guest user Created: Jul 06, 2018 Last commented: Jul 06, 2018

Risk mitigation and BC strategy

First I bought Becoming resilient the definitive guide to ISO 22301 implementation, to study for a Business continuity management exam. I liked the book, very easy to understand. But after finishing it and I think having understood pretty well the contents I couldn´t find answer to the question - When are risks mitigated?: ASAP, after the risk analysis or after having implemented the strategies for BC.

0 0

Assign topic to the user

Select user

Expert

Rhand Leal Jul 06, 2018

As I had to take the exam and I still didn´t have answer for the question I bought ISO 27001 Risk Management, hoping to find the answer. But I didn´t.

The pocket book is really fine, though having read “Becoming resilient” most of the contents of the ISO 27001 Risk Management pocket book are exactly the same. But anyway I think I learned some new things.

Answer: Risk mitigation involves the implementation of controls to reduce the impact and/or probability of a risk to happen, so by mitigating risks before implementing the strategies for BC will help reduce the required resources to implement BC strategies. Regarding ISO 27001 Risk Manag ement, it has much more precise requirements regarding the timing of the mitigation - the controls do not need to be implemented right away, but they need to be planned through the Risk Treatment Plan.

For example, by installing a lightning rod system, you can reduce the need for a secondary site as result of a lighting storm damaging a build electrical infrastructure.

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Jul 06, 2018

Expert Advice Community