Guest
Risk mitigation and BC strategy
First I bought "Becoming resilient: the definitive guide to ISO 22301 implementation" to study for a business continuity management exam. I liked the book; it is very easy to understand. But after finishing it, and I think having understood the contents pretty well, I couldn't find an answer to the question: when are risks mitigated? ASAP, after the risk analysis, or after having implemented the strategies for BC?
Expert
Rhand Leal
Jul 06, 2018
As I had to take the exam and I still didn't have an answer to the question, I bought ISO 27001 Risk Management, hoping to find the answer. But I didn't.
The pocket book is really fine, though having read “Becoming resilient”, most of the contents of the ISO 27001 Risk Management pocket book are exactly the same. But anyway, I think I learned some new things.
Answer: Risk mitigation involves the implementation of controls to reduce the impact and/or probability of a risk happening, so mitigating risks before implementing the strategies for BC will help reduce the resources required to implement BC strategies. Regarding ISO 27001 Risk Management, it has much more precise requirements regarding the timing of the mitigation - the controls do not need to be implemented right away, but they need to be planned through the Risk Treatment Plan.
For example, by installing a lightning rod system, you can reduce the need for a secondary site as a result of a lightning storm damaging a building's electrical infrastructure.