Risks and ISO 22301
Answer:
First, it is important to note that ISO 22301 does not focus on risk management, but on business continuity. The objective of this standard is to ensure continuity of processes and delivery of services after a disruptive event, and risk management is one approach to achieve this objective, by the identification and treatment of risks that can lead to a disruptive event, but the standard itself does not define which risks are to be treated or how to identify and treat them, only that this activity must be performed.
For detailed information about risk management, you should consider the ISO 31000 standard.
These articles will provide you with further explanation about ISO 22301 and ISO 31000:
- What is ISO 22301 https://advisera.com/27001academy/what-is-iso-22301/
- ISO 31000 and ISO 27001 – How are they related? https://advisera.com/27001academy/blog/2014/03/31/iso-31000-and-iso-27001-how-are-they-related/
Although the last article mentions ISO 27001, the concepts of ISO 31000 included in the article are also applicable to ISO 22301.
Apr 04, 2019