Which are the right ISO standards to use
I would like your guidance on which standards are the right ones to use with respect to service continuity management. I find 27001 as well as 27301 and 27031 all relevant, on top of 22301 for business continuity management. Please let me know which of these you see as most appropriate to use as the primary one, or whether you find it relevant to look at more than one.
First, it is important to note that there is no such standard as ISO 27301.
Considering that, the proper standard to use will depend on your needs:
- If your priority is information protection, then you should use ISO 27001.
- If your priority is to ensure process and service delivery under disruptive conditions, then you should use ISO 22301.
ISO 27031 is a support standard that can be used together with ISO 27001, because it provides specific guidance for ICT readiness for controls from ISO 27001 Annex A.
Sometimes it may be advantageous to implement both ISO 27001 and ISO 22301 (e.g., when this integrated implementation can fulfill other business objectives).
These articles will provide further information:
- What to implement first: ISO 22301 or ISO 27001? https://advisera.com/27001academy/blog/2017/04/03/what-to-implement-first-iso-22301-or-iso-27001/
- How to implement integrated management system https://advisera.com/articles/how-to-implement-integrated-management-systems/
- Understanding IT disaster recovery according to ISO 27031 https://advisera.com/27001academy/blog/2015/09/21/understanding-it-disaster-recovery-according-to-iso-27031/
Sep 30, 2020